English Abstract
ABSTRACT:
Advances in technology have shifted business processes from manual to automated ways of working, which in turn has increased the development of software applications in every field of life. These applications face growing cyber threats from malicious users and attackers. Developers have to handle vulnerabilities in source code during development, and penetration testers have to identify threats during or after deployment. A large number of tools exist for assessing threats and vulnerabilities in web applications, yet selecting the appropriate tools for code analysis and vulnerability detection remains a major challenge for both software developers and penetration testers.
This research first surveys the types of vulnerabilities and attacks that affect software applications. Based on the resulting requirements, it proposes a tensor-based mathematical representation that jointly captures features of web applications, security tools, and deployment infrastructure.
The dataset is prepared by manually extracting the required features from open-source web applications, popular security tools in the domain, and infrastructure modes; it is then used to train five machine learning classifiers. Feature optimization is applied to reduce the number of features while achieving higher prediction accuracy. Random Forest (RF), Decision Tree (DT), Support Vector Machine (SVM), and Naive Bayes (NB) classifiers provided the highest accuracy values: RF achieved 97% prediction accuracy, DT 93%, SVM 89%, and NB 86%. The trained models are used to predict suitable tools for randomly selected open-source web applications, and manual validation of these predictions identified the same security tools as suitable. The results are promising and provide a strong foundation for cyber security tool recommender systems.
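As an added illustration of the pipeline the abstract describes (this is not the thesis's code, dataset or feature set), the example below builds a small 3-mode tensor indexed by web application, security tool and infrastructure mode, unfolds it into labelled rows, trains a decision tree (one of the four classifiers named above) on those rows, and uses the tree to recommend tools for an unseen application. It also shows a model-based feature reduction: retraining only on the features the tree actually splits on reproduces the same predictions. The applications, tools, feature vocabularies and the suitability rule standing in for the manual labels are all constructed assumptions.

```python
"""Added worked example, not the thesis's code or dataset: a 3-mode tensor
(web application x security tool x infrastructure mode) is unfolded into
labelled rows and a decision tree is trained on them. All data is constructed."""
from math import log2

# Constructed binary feature vocabularies (assumption, not the thesis's set).
APP_FEATURES = ["php", "java", "has_db", "has_auth"]
TOOL_FEATURES = ["sast", "dast", "supports_php", "supports_java"]
INFRA_MODES = ["on_prem", "container"]           # encoded one-hot
FEATURE_NAMES = APP_FEATURES + TOOL_FEATURES + INFRA_MODES

# Constructed entities: each maps to the set of features it exhibits.
APPS = {
    "shop_php": {"php", "has_db"},
    "blog_php": {"php", "has_auth"},
    "bank_java": {"java", "has_db", "has_auth"},
    "api_java": {"java", "has_db"},
}
TOOLS = {
    "sast_php": {"sast", "supports_php"},
    "sast_java": {"sast", "supports_java"},
    "dast_any": {"dast", "supports_php", "supports_java"},
}

def to_vector(feats):
    """0/1 vector over FEATURE_NAMES for a union of app, tool and infra features."""
    return [int(name in feats) for name in FEATURE_NAMES]

def suitable(app, tool):
    """Constructed stand-in for the manually assigned label: a tool suits an
    app when it supports the app's language (infrastructure mode is irrelevant)."""
    lang = "php" if "php" in APPS[app] else "java"
    return int(f"supports_{lang}" in TOOLS[tool])

def build_tensor():
    """tensor[app][tool][infra] -> (feature vector, suitability label)."""
    return {app: {tool: {infra: (to_vector(APPS[app] | TOOLS[tool] | {infra}),
                                 suitable(app, tool))
                         for infra in INFRA_MODES}
                  for tool in TOOLS}
            for app in APPS}

def flatten(tensor):
    """Unfold the tensor into a flat training set (X, y), one row per cell."""
    X, y = [], []
    for per_tool in tensor.values():
        for per_infra in per_tool.values():
            for vec, label in per_infra.values():
                X.append(vec)
                y.append(label)
    return X, y

def entropy(ys):
    n = len(ys)
    return -sum(p * log2(p) for p in (ys.count(c) / n for c in set(ys)))

def build_tree(X, y, features):
    """ID3-style tree over binary features. A node is either a label (leaf)
    or a tuple (feature_index, subtree_if_0, subtree_if_1)."""
    if len(set(y)) == 1:
        return y[0]
    best, best_gain = None, -1.0
    for j in features:
        lo = [i for i, x in enumerate(X) if x[j] == 0]
        hi = [i for i, x in enumerate(X) if x[j] == 1]
        if not lo or not hi:
            continue                             # constant here, cannot split on it
        gain = entropy(y) - (len(lo) * entropy([y[i] for i in lo])
                             + len(hi) * entropy([y[i] for i in hi])) / len(y)
        if gain > best_gain:                     # first feature wins ties
            best, best_gain = (j, lo, hi), gain
    if best is None:                             # nothing separates the rows
        return max(set(y), key=y.count)
    j, lo, hi = best
    return (j, build_tree([X[i] for i in lo], [y[i] for i in lo], features),
            build_tree([X[i] for i in hi], [y[i] for i in hi], features))

def predict(tree, x):
    while isinstance(tree, tuple):
        j, if0, if1 = tree
        tree = if1 if x[j] else if0
    return tree

def used_features(tree, acc=None):
    """Indices the tree splits on: a model-based form of feature reduction."""
    acc = set() if acc is None else acc
    if isinstance(tree, tuple):
        acc.add(tree[0])
        used_features(tree[1], acc)
        used_features(tree[2], acc)
    return acc

def recommend(tree, app_feats, infra):
    """Tools the tree predicts suitable for an unseen app, sorted by name."""
    return sorted(tool for tool, tfeats in TOOLS.items()
                  if predict(tree, to_vector(app_feats | tfeats | {infra})) == 1)

if __name__ == "__main__":
    X, y = flatten(build_tensor())
    tree = build_tree(X, y, range(len(FEATURE_NAMES)))
    print("features used:", sorted(FEATURE_NAMES[j] for j in used_features(tree)))
    print("tools for a new PHP app:", recommend(tree, {"php", "has_db", "has_auth"}, "container"))
```

With the constructed data the tree splits on only three of the ten features (whether the tool is SAST, whether the app is PHP, and whether the tool supports PHP), so retraining on just those features gives identical recommendations; the infrastructure mode and the database/authentication flags never enter the model because the constructed labels do not depend on them. Replacing the suitability rule with labels that do depend on deployment mode is the point at which the third tensor mode starts to matter.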